<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
    "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta name="generator" content="AsciiDoc 8.6.8" />
<link rel="Shortcut Icon" href="/images/favicon.ico" type="image/x-icon" />
<title></title>
<link rel="stylesheet" href="asciidoc-14.css" tppabs="http://old.peachfuzzer.com/v2/TutorialNetworkServer/asciidoc.css" type="text/css" />
<link rel="stylesheet" href="website-14.css" tppabs="http://old.peachfuzzer.com/v2/TutorialNetworkServer/website.css" type="text/css" />
</head>

<body>

<div id="layout-content-box">
<div id="layout-content">
<div id="content">
<div class="sect1">
<h2 id="_creating_data_models">Creating Data Models</h2>
<div class="sectionbody">
<div class="paragraph"><p><strong>TODO: Complete this page!</strong></p></div>
<div class="paragraph"><p>Now we are going to dive right in.  Let's start by making a copy of <code>template.xml</code> (found in your Peach folder) named <code>mysql.xml</code>.  This file will hold all of the information about our MySQL fuzzer.  You will also want a sample network capture; grab <a href="http://old.peachfuzzer.com/v2/attachment:mysql-capture.zip.html">this one</a>.</p></div>
<div class="paragraph"><p>Go ahead and load up <code>wav.xml</code> into your XML editor.</p></div>
<div class="paragraph"><p>Now, you will want to check out the following specification to get an idea for the format of MySQL protocol:</p></div>
<div class="olist arabic"><ol class="arabic">
<li>
<p>
<a href="http://forge.mysql.com/wiki/MySQL_Internals_ClientServer_Protocol">MySQL Client/Server Protocol</a>
</p>
</li>
</ol></div>
</div>
</div>
<div class="sect1">
<h2 id="_common_packet_header">Common Packet Header</h2>
<div class="sectionbody">
<div class="listingblock">
<div class="content"><!-- Generator: GNU source-highlight 3.1.7
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<!-- PacketHeader: framing shared by the packet models on this page. A 24-bit unsigned Length carries a size Relation to Data, followed by an 8-bit unsigned Number and the Data blob. NOTE(review): every Number here declares endian="big". The MySQL client/server protocol writes fixed-length integers least-significant byte first, so confirm the byte order of Length against the specification and the sample capture; with the wrong order the size Relation emits a length that does not match Data, and a server is likely to reject the packet at framing before any deeper parsing is exercised. The models that set ref="PacketHeader" each declare a Block named "Data", presumably replacing this Blob (TODO confirm against Peach's ref semantics). -->
<pre><tt><span style="font-weight: bold"><span style="color: #0000FF">&lt;DataModel</span></span> <span style="color: #009900">name</span><span style="color: #990000">=</span><span style="color: #FF0000">"PacketHeader"</span><span style="font-weight: bold"><span style="color: #0000FF">&gt;</span></span>
        <span style="font-weight: bold"><span style="color: #0000FF">&lt;Number</span></span> <span style="color: #009900">name</span><span style="color: #990000">=</span><span style="color: #FF0000">"Length"</span> <span style="color: #009900">size</span><span style="color: #990000">=</span><span style="color: #FF0000">"24"</span> <span style="color: #009900">signed</span><span style="color: #990000">=</span><span style="color: #FF0000">"false"</span> <span style="color: #009900">endian</span><span style="color: #990000">=</span><span style="color: #FF0000">"big"</span><span style="font-weight: bold"><span style="color: #0000FF">&gt;</span></span>
                <span style="font-weight: bold"><span style="color: #0000FF">&lt;Relation</span></span> <span style="color: #009900">type</span><span style="color: #990000">=</span><span style="color: #FF0000">"size"</span> <span style="color: #009900">of</span><span style="color: #990000">=</span><span style="color: #FF0000">"Data"</span><span style="font-weight: bold"><span style="color: #0000FF">/&gt;</span></span>
        <span style="font-weight: bold"><span style="color: #0000FF">&lt;/Number&gt;</span></span>
        <span style="font-weight: bold"><span style="color: #0000FF">&lt;Number</span></span> <span style="color: #009900">name</span><span style="color: #990000">=</span><span style="color: #FF0000">"Number"</span> <span style="color: #009900">size</span><span style="color: #990000">=</span><span style="color: #FF0000">"8"</span> <span style="color: #009900">signed</span><span style="color: #990000">=</span><span style="color: #FF0000">"false"</span> <span style="color: #009900">endian</span><span style="color: #990000">=</span><span style="color: #FF0000">"big"</span> <span style="font-weight: bold"><span style="color: #0000FF">/&gt;</span></span>
        <span style="font-weight: bold"><span style="color: #0000FF">&lt;Blob</span></span> <span style="color: #009900">name</span><span style="color: #990000">=</span><span style="color: #FF0000">"Data"</span> <span style="font-weight: bold"><span style="color: #0000FF">/&gt;</span></span>
<span style="font-weight: bold"><span style="color: #0000FF">&lt;/DataModel&gt;</span></span></tt></pre></div></div>
</div>
</div>
<div class="sect1">
<h2 id="_handshake_packet_server_to_client">Handshake Packet (Server to Client)</h2>
<div class="sectionbody">
<div class="listingblock">
<div class="content"><!-- Generator: GNU source-highlight 3.1.7
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><span style="font-style: italic"><span style="color: #9A1900">&lt;!-- Server -&gt; Client --&gt;</span></span>
<span style="font-weight: bold"><span style="color: #0000FF">&lt;DataModel</span></span> <span style="color: #009900">name</span><span style="color: #990000">=</span><span style="color: #FF0000">"HandshakePacket"</span> <span style="color: #009900">ref</span><span style="color: #990000">=</span><span style="color: #FF0000">"PacketHeader"</span><span style="font-weight: bold"><span style="color: #0000FF">&gt;</span></span>
        <span style="font-weight: bold"><span style="color: #0000FF">&lt;Block</span></span> <span style="color: #009900">name</span><span style="color: #990000">=</span><span style="color: #FF0000">"Data"</span><span style="font-weight: bold"><span style="color: #0000FF">&gt;</span></span>
                <span style="font-weight: bold"><span style="color: #0000FF">&lt;Number</span></span> <span style="color: #009900">name</span><span style="color: #990000">=</span><span style="color: #FF0000">"ProtocolVersion"</span> <span style="color: #009900">size</span><span style="color: #990000">=</span><span style="color: #FF0000">"8"</span> <span style="color: #009900">signed</span><span style="color: #990000">=</span><span style="color: #FF0000">"false"</span> <span style="color: #009900">endian</span><span style="color: #990000">=</span><span style="color: #FF0000">"big"</span><span style="font-weight: bold"><span style="color: #0000FF">/&gt;</span></span>
                <span style="font-weight: bold"><span style="color: #0000FF">&lt;String</span></span> <span style="color: #009900">name</span><span style="color: #990000">=</span><span style="color: #FF0000">"ServerVersion"</span> <span style="color: #009900">nullTerminated</span><span style="color: #990000">=</span><span style="color: #FF0000">"true"</span> <span style="font-weight: bold"><span style="color: #0000FF">/&gt;</span></span>
                <span style="font-weight: bold"><span style="color: #0000FF">&lt;Number</span></span> <span style="color: #009900">name</span><span style="color: #990000">=</span><span style="color: #FF0000">"ThreadId"</span> <span style="color: #009900">size</span><span style="color: #990000">=</span><span style="color: #FF0000">"32"</span> <span style="color: #009900">signed</span><span style="color: #990000">=</span><span style="color: #FF0000">"false"</span> <span style="color: #009900">endian</span><span style="color: #990000">=</span><span style="color: #FF0000">"big"</span> <span style="font-weight: bold"><span style="color: #0000FF">/&gt;</span></span>
                <span style="font-weight: bold"><span style="color: #0000FF">&lt;Blob</span></span> <span style="color: #009900">name</span><span style="color: #990000">=</span><span style="color: #FF0000">"ScrambleBuff"</span> <span style="color: #009900">length</span><span style="color: #990000">=</span><span style="color: #FF0000">"8"</span> <span style="font-weight: bold"><span style="color: #0000FF">/&gt;</span></span>
                <span style="font-weight: bold"><span style="color: #0000FF">&lt;Blob</span></span> <span style="color: #009900">length</span><span style="color: #990000">=</span><span style="color: #FF0000">"1"</span> <span style="color: #009900">value</span><span style="color: #990000">=</span><span style="color: #FF0000">"0"</span> <span style="color: #009900">isStatic</span><span style="color: #990000">=</span><span style="color: #FF0000">"true"</span> <span style="font-weight: bold"><span style="color: #0000FF">/&gt;</span></span>
                <span style="font-weight: bold"><span style="color: #0000FF">&lt;Number</span></span> <span style="color: #009900">name</span><span style="color: #990000">=</span><span style="color: #FF0000">"Capabilities"</span> <span style="color: #009900">size</span><span style="color: #990000">=</span><span style="color: #FF0000">"16"</span> <span style="color: #009900">signed</span><span style="color: #990000">=</span><span style="color: #FF0000">"false"</span> <span style="color: #009900">endian</span><span style="color: #990000">=</span><span style="color: #FF0000">"big"</span> <span style="font-weight: bold"><span style="color: #0000FF">/&gt;</span></span>
                <span style="font-weight: bold"><span style="color: #0000FF">&lt;Number</span></span> <span style="color: #009900">name</span><span style="color: #990000">=</span><span style="color: #FF0000">"Language"</span> <span style="color: #009900">size</span><span style="color: #990000">=</span><span style="color: #FF0000">"8"</span> <span style="color: #009900">signed</span><span style="color: #990000">=</span><span style="color: #FF0000">"false"</span> <span style="color: #009900">endian</span><span style="color: #990000">=</span><span style="color: #FF0000">"big"</span> <span style="font-weight: bold"><span style="color: #0000FF">/&gt;</span></span>
                <span style="font-weight: bold"><span style="color: #0000FF">&lt;Number</span></span> <span style="color: #009900">name</span><span style="color: #990000">=</span><span style="color: #FF0000">"Status"</span> <span style="color: #009900">size</span><span style="color: #990000">=</span><span style="color: #FF0000">"16"</span> <span style="color: #009900">signed</span><span style="color: #990000">=</span><span style="color: #FF0000">"false"</span> <span style="color: #009900">endian</span><span style="color: #990000">=</span><span style="color: #FF0000">"big"</span> <span style="font-weight: bold"><span style="color: #0000FF">/&gt;</span></span>
                <span style="font-weight: bold"><span style="color: #0000FF">&lt;Blob</span></span> <span style="color: #009900">length</span><span style="color: #990000">=</span><span style="color: #FF0000">"13"</span> <span style="font-weight: bold"><span style="color: #0000FF">/&gt;</span></span>
                <span style="font-weight: bold"><span style="color: #0000FF">&lt;Blob</span></span> <span style="color: #009900">name</span><span style="color: #990000">=</span><span style="color: #FF0000">"ScrambleBuff2"</span> <span style="color: #009900">length</span><span style="color: #990000">=</span><span style="color: #FF0000">"13"</span> <span style="font-weight: bold"><span style="color: #0000FF">/&gt;</span></span>
        <span style="font-weight: bold"><span style="color: #0000FF">&lt;/Block&gt;</span></span>
<span style="font-weight: bold"><span style="color: #0000FF">&lt;/DataModel&gt;</span></span></tt></pre></div></div>
</div>
</div>
<div class="sect1">
<h2 id="_client_authentication_packet_client_to_server">Client Authentication Packet (Client to Server)</h2>
<div class="sectionbody">
<div class="listingblock">
<div class="content"><!-- Generator: GNU source-highlight 3.1.7
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><span style="font-style: italic"><span style="color: #9A1900">&lt;!-- Client -&gt; Server --&gt;</span></span>
<span style="font-weight: bold"><span style="color: #0000FF">&lt;DataModel</span></span> <span style="color: #009900">name</span><span style="color: #990000">=</span><span style="color: #FF0000">"ClientAuthPacket"</span> <span style="color: #009900">ref</span><span style="color: #990000">=</span><span style="color: #FF0000">"PacketHeader"</span><span style="font-weight: bold"><span style="color: #0000FF">&gt;</span></span>
        <span style="font-weight: bold"><span style="color: #0000FF">&lt;Block</span></span> <span style="color: #009900">name</span><span style="color: #990000">=</span><span style="color: #FF0000">"Data"</span><span style="font-weight: bold"><span style="color: #0000FF">&gt;</span></span>
                <span style="font-weight: bold"><span style="color: #0000FF">&lt;Number</span></span> <span style="color: #009900">name</span><span style="color: #990000">=</span><span style="color: #FF0000">"ClientFlags"</span> <span style="color: #009900">size</span><span style="color: #990000">=</span><span style="color: #FF0000">"32"</span> <span style="color: #009900">signed</span><span style="color: #990000">=</span><span style="color: #FF0000">"false"</span> <span style="color: #009900">endian</span><span style="color: #990000">=</span><span style="color: #FF0000">"big"</span> <span style="font-weight: bold"><span style="color: #0000FF">/&gt;</span></span>
                <span style="font-weight: bold"><span style="color: #0000FF">&lt;Number</span></span> <span style="color: #009900">name</span><span style="color: #990000">=</span><span style="color: #FF0000">"MaxPacketSize"</span> <span style="color: #009900">size</span><span style="color: #990000">=</span><span style="color: #FF0000">"32"</span> <span style="color: #009900">signed</span><span style="color: #990000">=</span><span style="color: #FF0000">"false"</span> <span style="color: #009900">endian</span><span style="color: #990000">=</span><span style="color: #FF0000">"big"</span> <span style="font-weight: bold"><span style="color: #0000FF">/&gt;</span></span>
                <span style="font-weight: bold"><span style="color: #0000FF">&lt;Number</span></span> <span style="color: #009900">name</span><span style="color: #990000">=</span><span style="color: #FF0000">"CharSet"</span> <span style="color: #009900">size</span><span style="color: #990000">=</span><span style="color: #FF0000">"8"</span> <span style="color: #009900">signed</span><span style="color: #990000">=</span><span style="color: #FF0000">"false"</span> <span style="color: #009900">endian</span><span style="color: #990000">=</span><span style="color: #FF0000">"big"</span> <span style="font-weight: bold"><span style="color: #0000FF">/&gt;</span></span>
                <span style="font-weight: bold"><span style="color: #0000FF">&lt;Blob</span></span> <span style="color: #009900">length</span><span style="color: #990000">=</span><span style="color: #FF0000">"23"</span> <span style="color: #009900">value</span><span style="color: #990000">=</span><span style="color: #FF0000">"0"</span> <span style="font-weight: bold"><span style="color: #0000FF">/&gt;</span></span>
                <span style="font-weight: bold"><span style="color: #0000FF">&lt;String</span></span> <span style="color: #009900">name</span><span style="color: #990000">=</span><span style="color: #FF0000">"User"</span> <span style="color: #009900">nullTerminated</span><span style="color: #990000">=</span><span style="color: #FF0000">"true"</span> <span style="font-weight: bold"><span style="color: #0000FF">/&gt;</span></span>
                <span style="font-weight: bold"><span style="color: #0000FF">&lt;Number</span></span> <span style="color: #009900">name</span><span style="color: #990000">=</span><span style="color: #FF0000">"PasswordLength"</span> <span style="color: #009900">size</span><span style="color: #990000">=</span><span style="color: #FF0000">"8"</span> <span style="color: #009900">signed</span><span style="color: #990000">=</span><span style="color: #FF0000">"false"</span> <span style="color: #009900">endian</span><span style="color: #990000">=</span><span style="color: #FF0000">"big"</span> <span style="font-weight: bold"><span style="color: #0000FF">&gt;</span></span>
                        <span style="font-weight: bold"><span style="color: #0000FF">&lt;Relation</span></span> <span style="color: #009900">type</span><span style="color: #990000">=</span><span style="color: #FF0000">"size"</span> <span style="color: #009900">of</span><span style="color: #990000">=</span><span style="color: #FF0000">"Password"</span><span style="font-weight: bold"><span style="color: #0000FF">/&gt;</span></span>
                <span style="font-weight: bold"><span style="color: #0000FF">&lt;/Number&gt;</span></span>
                <span style="font-weight: bold"><span style="color: #0000FF">&lt;Blob</span></span> <span style="color: #009900">name</span><span style="color: #990000">=</span><span style="color: #FF0000">"Password"</span> <span style="font-weight: bold"><span style="color: #0000FF">/&gt;</span></span>
                <span style="font-weight: bold"><span style="color: #0000FF">&lt;String</span></span> <span style="color: #009900">name</span><span style="color: #990000">=</span><span style="color: #FF0000">"Database"</span> <span style="color: #009900">nullTerminated</span><span style="color: #990000">=</span><span style="color: #FF0000">"true"</span> <span style="font-weight: bold"><span style="color: #0000FF">/&gt;</span></span>
        <span style="font-weight: bold"><span style="color: #0000FF">&lt;/Block&gt;</span></span>
<span style="font-weight: bold"><span style="color: #0000FF">&lt;/DataModel&gt;</span></span></tt></pre></div></div>
<div class="sect2">
<h3 id="_custom_mysql_password_scramble_fixup">Custom MySQL Password Scramble Fixup</h3>
<div class="listingblock">
<div class="content"><!-- Generator: GNU source-highlight 3.1.7
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><span style="font-weight: bold"><span style="color: #000080">import</span></span> hashlib
<span style="font-weight: bold"><span style="color: #000080">from</span></span> Peach<span style="color: #990000">.</span>fixup <span style="font-weight: bold"><span style="color: #000080">import</span></span> Fixup
<span style="font-weight: bold"><span style="color: #000080">from</span></span> Peach<span style="color: #990000">.</span>Engine<span style="color: #990000">.</span>common <span style="font-weight: bold"><span style="color: #000080">import</span></span> <span style="color: #990000">*</span>

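class MySqlScramble(Fixup):
        '''
        The newer MySql scramble implementation.  Taken from
        MySQL v5 sql/password.c

        fixup() returns SHA1(password) XOR SHA1(message + SHA1(SHA1(password))),
        where message is the current value of the named data element.
        SHA-1 is used because the algorithm being reproduced uses it; it is
        not a choice made by this fixup.
        '''

        def __init__(self, message, password):
                '''
                message:  name of the data element whose value is hashed as
                          the message (resolved each time fixup() runs).
                password: the clear-text password to scramble.
                '''
                Fixup.__init__(self)
                self.message = message
                self.password = password

        def fixup(self):
                '''
                Compute the scrambled password and return it as a byte string.

                Raises Exception when the message element or its value cannot
                be found, or when no password was supplied.
                '''
                # Look the element up first and test it before calling
                # getValue(); chaining the two calls would fail with an
                # AttributeError if the lookup returns None, so the intended
                # "unable to locate" error would never be raised.
                # NOTE(review): assumes _findDataElementByName returns None
                # on a miss. Confirm against the Fixup base class.
                element = self._findDataElementByName(self.message)
                if element is None:
                        raise Exception("Error: MySqlScramble was unable to locate [%s]" % self.message)

                message = element.getValue()
                if message is None:
                        raise Exception("Error: MySqlScramble was unable to locate [%s]" % self.message)

                # The password is a literal parameter, not an element name, so
                # there is nothing to "locate"; the message also avoids
                # formatting the credential into an error string.
                password = self.password
                if password is None:
                        raise Exception("Error: MySqlScramble was not given a password")

                # One consistent name per stage: the original assigned
                # hashStage1 but later read hash_stage1, which is a NameError.
                hash_stage1 = hashlib.sha1(password).digest()
                hash_stage2 = hashlib.sha1(hash_stage1).digest()

                sha1 = hashlib.sha1()
                sha1.update(message)
                sha1.update(hash_stage2)
                to = sha1.digest()

                # my_crypt(to, to, hash_stage1, SCRAMBLE_LENGTH)
                # XOR the two digests byte by byte.  bytearray yields integers
                # on both Python 2 and Python 3, whereas indexing a Python 2
                # str gives one-character strings that cannot be XORed.
                out = bytearray(len(to))
                for i, (left, right) in enumerate(zip(bytearray(to), bytearray(hash_stage1))):
                        out[i] = left ^ right

                # bytes is str on Python 2, so callers still receive a string.
                return bytes(out)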

<span style="font-style: italic"><span style="color: #9A1900"># end</span></span></tt></pre></div></div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_command_packet_client_to_server">Command Packet (Client to Server)</h2>
<div class="sectionbody">
<div class="listingblock">
<div class="content"><!-- Generator: GNU source-highlight 3.1.7
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><span style="font-style: italic"><span style="color: #9A1900">&lt;!-- Client -&gt; Server: command packet, declared with ref="PacketHeader". --&gt;</span></span>
<span style="font-style: italic"><span style="color: #9A1900">&lt;!-- NOTE(review): PacketHeader is defined elsewhere; presumably this "Data" block takes the place of the header's own "Data" element. Confirm against that model. --&gt;</span></span>
<span style="font-weight: bold"><span style="color: #0000FF">&lt;DataModel</span></span> <span style="color: #009900">name</span><span style="color: #990000">=</span><span style="color: #FF0000">"CommandPacket"</span> <span style="color: #009900">ref</span><span style="color: #990000">=</span><span style="color: #FF0000">"PacketHeader"</span><span style="font-weight: bold"><span style="color: #0000FF">&gt;</span></span>
        <span style="font-weight: bold"><span style="color: #0000FF">&lt;Block</span></span> <span style="color: #009900">name</span><span style="color: #990000">=</span><span style="color: #FF0000">"Data"</span><span style="font-weight: bold"><span style="color: #0000FF">&gt;</span></span>
                <span style="font-style: italic"><span style="color: #9A1900">&lt;!-- Command code: one unsigned 8-bit value, so the endian setting has no effect on the bytes produced. --&gt;</span></span>
                <span style="font-weight: bold"><span style="color: #0000FF">&lt;Number</span></span> <span style="color: #009900">name</span><span style="color: #990000">=</span><span style="color: #FF0000">"Command"</span> <span style="color: #009900">size</span><span style="color: #990000">=</span><span style="color: #FF0000">"8"</span> <span style="color: #009900">signed</span><span style="color: #990000">=</span><span style="color: #FF0000">"false"</span> <span style="color: #009900">endian</span><span style="color: #990000">=</span><span style="color: #FF0000">"big"</span> <span style="font-weight: bold"><span style="color: #0000FF">/&gt;</span></span>
                <span style="font-style: italic"><span style="color: #9A1900">&lt;!-- SQL string, modelled here as null-terminated. --&gt;</span></span>
                <span style="font-style: italic"><span style="color: #9A1900">&lt;!-- NOTE(review): confirm against the protocol specification whether this field is terminator-delimited or bounded by the length carried in the packet header; a mismatch means generated packets do not frame the way the server expects. --&gt;</span></span>
                <span style="font-weight: bold"><span style="color: #0000FF">&lt;String</span></span> <span style="color: #009900">name</span><span style="color: #990000">=</span><span style="color: #FF0000">"SQL"</span> <span style="color: #009900">nullTerminated</span><span style="color: #990000">=</span><span style="color: #FF0000">"true"</span> <span style="font-weight: bold"><span style="color: #0000FF">/&gt;</span></span>
        <span style="font-weight: bold"><span style="color: #0000FF">&lt;/Block&gt;</span></span>
<span style="font-weight: bold"><span style="color: #0000FF">&lt;/DataModel&gt;</span></span></tt></pre></div></div>
</div>
</div>
<div class="sect1">
<h2 id="_next_steps">Next Steps</h2>
<div class="sectionbody">
<div class="literalblock">
<div class="content">
<pre><code>todo</code></pre>
</div></div>
</div>
</div>
</div>
<div id="footnotes"></div>
</div>
</div>
</body>
</html>
